Mobile Ad-Hoc Networks: Protocol Design, Part 15


Mobile Ad-Hoc Networks: Protocol Design
Trust Establishment in Mobile Ad Hoc Networks: Direct Trust Distribution - Performance and Simulation

A standard AODV route request message is 48 bytes and a route reply message is 44 bytes. The DITD model uses request messages of 60 bytes and reply messages of 56 bytes, so DITD increases the routing control packet size by 12 bytes. DITD's routing control packets carry the trust-associated variables and the flags that trigger back-tracked certificate distribution. The DITD certificate control packets are 508 bytes in size, as they include a 450 byte certificate. Keeping the routing and certificate control packets separate and independent of each other has the greater impact on reducing the per-byte packet overhead: this independence allows packets to be processed concurrently, which suits a fully distributed ad hoc network.

Fig. 14. Control packet overhead for highly mobile network (0 second pause time) [plot: control packets (x10^3) against speed (m/s) for AODV and DITD, pause time 0 s]
Fig. 15. Control packet overhead for partially stable network (250 second pause time) [plot: control packets (x10^3) against speed (m/s) for AODV and DITD, pause time 250 s]

End-to-End Delay
The average end-to-end delay results are presented in Figure 16 and Figure 17. The DITD model delivers packets with more delay than AODV. The additional delay is attributed to the transmission delay, the packet queuing delay and the processing delay of the additional certificate control packets; the processing delay includes certificate verification. A conventional certificate distribution scheme that follows the route discovery process would require certificates to be verified before the routing packets are forwarded. DITD performs its verifications independently of the routing procedure.
The request route is established as the route request message (RREQ) propagates to the destination, and DITD performs its verifications independently, without hindering the propagation of the RREQ.

Fig. 16. Average end-to-end delay for highly mobile network (0 second pause time) [plot: average delay (s) against speed (m/s) for AODV and DITD, pause time 0 s]

DITD uses back-track verification to minimise the number of verifications performed on the reply route, which follows the route reply message (RREP) back toward the source. Haas and Pearlman [Haas & Pearlman, 2001] propose a solution that performs all verifications on the reply route. This method minimises the number of verifications performed over a network's lifetime, but results in delayed establishment of routes. If ECC (elliptic curve cryptography) keys are used, a single verification can take up to 16 ms [Zapata, 2006]; such a delay is unrealistic for multi-hop routes in which every hop requires verification. DITD's approach attempts to minimise the delay incurred.

c. Trust Evaluation Results
To test the performance of the security evaluation scheme, a black hole attack was simulated to show that DITD's security evaluation scheme excludes malicious nodes from trust and route establishment, protecting the network from black hole type attacks. A black hole adversary model was designed on the ns-2.31 link layer (LL), which lies below the routing layer. The link layer agent ll.cc was modified to simulate the attack: each packet handed down by the routing layer is checked at the link layer, and the adversary model silently drops all data packets while still allowing routing packets to pass. This creates the effect of a black hole attack. A second black hole adversary model was implemented which adds a rushing type attack.
The rushing attack was implemented by allowing adversary nodes to forward routing packets immediately, removing the small jitter delay that AODV applies before rebroadcasting. AODV uses this delay to reduce collisions and to ensure that the shortest path is selected. The rushing attack gives an adversary node a timing advantage over normal nodes, so the adversary becomes part of considerably more routes.

Fig. 17. Average end-to-end delay for partially stable network (250 second pause time) [plot: average delay (s) against speed (m/s) for AODV and DITD, pause time 250 s]

The same simulation scenario and traffic model were used to analyse the black hole attack. The pause time was fixed at 0 seconds and three speeds were investigated (0.1 m/s, 5 m/s and 20 m/s). A 50 node network was simulated with 6 attack scenarios, created by varying the number of black hole adversary nodes from 0 to 10. Figure 18 shows the nam animation of a scenario with 10 adversary nodes. Each scenario was averaged over 10 seeds, giving 720 simulation runs for the security evaluation analysis. The black hole attack aims to drop data packets and reduce the network's throughput, so the effects of the black hole and rushing attacks are analysed using the packet delivery ratio metric.

Fig. 18. Sample nam simulation of the black hole network simulation (legend: black hole adversary node; trusted node)

Packet delivery
A black hole type attack is used to demonstrate the success of DITD's security evaluation scheme. The scenario assumes that each node carries a weighted security metric (a conduct value) produced by a monitoring system at that node, which records detected faults and data transmission errors.
An example of such a system is found in [Buchegger & Boudec, 2002]. The weighted nodes are used to build a weighted trust graph in which each edge, and hence each route, carries a trust value calculated by DITD's security evaluation scheme. The effects of the black hole attack upon AODV and DITD are compared in Figure 19 and Figure 20. As the number of adversary nodes increases, the packet delivery ratio of the AODV model decreases. AODV is vulnerable to black hole attacks, and in the presence of 10 adversary nodes its packet delivery ratio falls below 65%. The reduction in throughput is expected, since more data packets are dropped as more adversary nodes are present. DITD avoids the adversary nodes by implicitly excluding them during route establishment. The success of the protocol at low speed is shown in Figure 19: even with 10 adversary nodes present, the packet delivery ratio does not fall below 90%. Figure 20 presents the DITD model at the higher mobility of 20 m/s. DITD prevents the severe effects of the black hole attack, showing better results when 4 or more adversary nodes are present. There is approximately a 10% decrease in packet delivery ratio compared to the low mobility scenario of Figure 19, attributed to the increase in link breakages at higher speeds and the overhead of the certificate exchange protocol. The DITD results in Figure 20 correlate with the packet delivery ratio at 20 m/s in Figure 12. A rushing attack was included for the simulations presented in Figure 21 and Figure 22. An adversary node equipped with a rushing attack participates in more routes, maximising the effect of its attack, and Figure 21 and Figure 22 show that when adversary nodes employ a rushing attack the effects of the black hole attack are indeed maximised.
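The route selection behaviour described above, as an added example that is not part of the chapter and not the DITD ns-2 implementation: a small Python simulation that pits trust-weighted route selection against AODV-style first-arrival route discovery, with black hole nodes that forward routing packets but drop data, and a rushing variant that skips the RREQ jitter. The route trust metric (the product of the conduct values of the intermediate nodes), the exclusion threshold, the conduct ranges, the delay parameters, the ring-plus-chords topology and the traffic are all assumptions constructed for illustration, not values or code from the chapter.

```python
"""Trust-weighted route selection vs AODV-style first-arrival route discovery under
black hole and rushing adversaries. Illustrative, not the chapter's ns-2 code; every parameter is assumed."""
import heapq
import math
import random
from dataclasses import dataclass

TRUST_THRESHOLD = 0.5            # assumed: nodes whose conduct is below this are excluded
BASE_FORWARD_DELAY = 1.0         # assumed ms of fixed per-hop forwarding cost
RREQ_JITTER = 10.0               # assumed ms of random delay before an honest RREQ rebroadcast
HONEST_CONDUCT = (0.8, 1.0)      # assumed conduct range reported for well-behaved nodes
BLACK_HOLE_CONDUCT = (0.0, 0.3)  # assumed conduct a monitoring system assigns to a black hole

@dataclass
class Node:
    nid: int
    conduct: float            # weighted conduct value from the node's monitoring system
    black_hole: bool = False  # drops data packets silently but still forwards routing packets
    rushing: bool = False     # rebroadcasts RREQs without the AODV jitter

def build_network(n_nodes, n_adversaries, rng, chords=2, rushing=False):
    """Constructed ring-plus-random-chords topology (always connected); the highest ids are black holes."""
    nodes, adj = {}, {i: set() for i in range(n_nodes)}
    for i in range(n_nodes):
        adversary = i >= n_nodes - n_adversaries
        lo, hi = BLACK_HOLE_CONDUCT if adversary else HONEST_CONDUCT
        nodes[i] = Node(i, rng.uniform(lo, hi), adversary, adversary and rushing)
        for k in [(i + 1) % n_nodes] + [rng.randrange(n_nodes) for _ in range(chords)]:
            if k != i:
                adj[i].add(k)
                adj[k].add(i)
    return nodes, adj

def _least_cost_path(adj, src, dst, cost, allowed):
    """Dijkstra where cost(u, v) is what node u charges to forward to v; None if unreachable."""
    best, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        for v in adj[u]:
            if v in allowed and d + cost(u, v) < best.get(v, math.inf):
                best[v], prev[v] = d + cost(u, v), u
                heapq.heappush(heap, (best[v], v))
    if dst not in best:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def aodv_route(nodes, adj, src, dst, rng):
    """AODV-style discovery: each node rebroadcasts the first RREQ copy it hears after a fixed
    delay plus jitter, so the earliest copy at dst fixes the route; rushing nodes skip the jitter."""
    delay = {n.nid: BASE_FORWARD_DELAY + (0.0 if n.rushing else rng.uniform(0.0, RREQ_JITTER))
             for n in nodes.values()}
    return _least_cost_path(adj, src, dst, lambda u, v: delay[u], set(nodes))

def route_trust(nodes, path):
    """Assumed route trust metric: product of the conduct values of the intermediate nodes."""
    return math.prod(nodes[n].conduct for n in path[1:-1])

def ditd_route(nodes, adj, src, dst):
    """Trust-weighted selection: exclude nodes below TRUST_THRESHOLD, then maximise route trust."""
    allowed = {n.nid for n in nodes.values() if n.conduct >= TRUST_THRESHOLD} | {src, dst}

    def cost(u, v):  # -log(conduct) sums to -log(route_trust); the epsilon prefers shorter ties
        return 1e-6 if v == dst else 1e-6 - math.log(max(nodes[v].conduct, 1e-9))

    return _least_cost_path(adj, src, dst, cost, allowed)

def delivered(nodes, path):
    """A data packet arrives only if a route exists and no intermediate node is a black hole."""
    return path is not None and not any(nodes[n].black_hole for n in path[1:-1])

def packet_delivery_ratio(protocol, n_nodes=50, n_adversaries=10, flows=200, seed=1, rushing=False):
    """PDR over constructed flows between honest nodes; a seed fixes topology and flows for both protocols."""
    rng = random.Random(seed)
    nodes, adj = build_network(n_nodes, n_adversaries, rng, rushing=rushing)
    honest = [nid for nid, n in nodes.items() if not n.black_hole]
    pairs = [rng.sample(honest, 2) for _ in range(flows)]
    jitter_rng = random.Random(seed + 1)  # separate stream so the flows stay identical per seed
    route = ((lambda s, d: aodv_route(nodes, adj, s, d, jitter_rng)) if protocol == "aodv"
             else (lambda s, d: ditd_route(nodes, adj, s, d)))
    return sum(delivered(nodes, route(s, d)) for s, d in pairs) / flows

def toy_routes():
    """Hand-built case: S=0 reaches D=3 via rushing black hole A=1 or via honest B=2 and C=4."""
    nodes = {0: Node(0, 0.9), 1: Node(1, 0.1, True, True), 2: Node(2, 0.9), 3: Node(3, 0.9), 4: Node(4, 0.9)}
    adj = {0: {1, 2}, 1: {0, 3}, 2: {0, 4}, 3: {1, 4}, 4: {2, 3}}
    return nodes, aodv_route(nodes, adj, 0, 3, random.Random(7)), ditd_route(nodes, adj, 0, 3)

if __name__ == "__main__":
    for k in range(0, 11, 2):
        print(k, "adversaries [AODV, AODV+rushing, DITD]:",
              [round(packet_delivery_ratio(p, n_adversaries=k, rushing=r), 2)
               for p, r in (("aodv", False), ("aodv", True), ("ditd", False))])
```

Running the block prints the delivery ratio for 0 to 10 adversaries under plain AODV, AODV with rushing adversaries, and trust-weighted selection. In the hand-built case the rushing black hole always wins the RREQ race, so AODV routes the data through it and the packet is lost, while the trust-weighted selection never sees it at all because its conduct is below the threshold. In the larger runs a flow is lost by the trust-weighted protocol only when its endpoints are no longer connected through honest nodes, which is the exclusion effect the chapter attributes to DITD; the metric used here is a stand-in for DITD's security evaluation scheme, whose exact formula the chapter does not give.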
The packet delivery ratio of the AODV protocol drops to 40% when 10 adversary nodes are present, considerably less than the 60-65% packet delivery ratio that AODV achieves under the same conditions with a standalone black hole attack. The difference between DITD under rushing attacks and DITD without rushing attacks is negligible. At low speeds, DITD provides a throughput of above 90% even in the presence of 10 adversary nodes.

Fig. 19. Packet Delivery Ratio for slow moving network under black hole attack [plot: PDR (%) against number of adversary nodes (0 to 10) for AODV at 0.1 m/s and 5 m/s and DITD at 0.1 m/s]

DITD provides a security scheme that excludes malicious nodes from participating in trusted routes, thereby preventing black hole attacks and a number of other attacks targeting the network layer. The inclusion of this trust evaluation scheme allows the distribution of certificates to operate in the most trusted routing environment.

Fig. 20. Packet Delivery Ratio for fast moving network under black hole attack [plot: PDR (%) against number of adversary nodes (0 to 10) for AODV and DITD at 20 m/s]

4.4 Design verification
The DITD model will now be discussed in relation to the design requirements stated in Section 2.3. These requirements are based on the environment and the functionality, and are briefly revisited throughout the discussion that follows.

a. Environment
The DITD model is required to operate on the network layer in an on-demand, fully distributed, self-organised manner. Implementation was performed on the network layer, which avoided multi-layer design problems.
The simulation environment is set up with no TTP member: there is no certificate authority, and the network nodes are responsible for their own routing and trust establishment. The successful operation of DITD in this environment is demonstrated by the simulation results presented above. DITD is self-organised in nature. It is noted, however, that DITD assumes the nodes are able to create their own keying material prior to joining the network. Self-certificates provide a strong binding between a user's key and a unique identity, but generating keying material without a TTP is a complex problem. Solutions exist based on identity-based key generation [Shamir, 1984] [Weimerkirch & Westhoff, 2003]; the author suggests that further research in this area is carried out.

Fig. 21. Packet Delivery Ratio for slow moving network under black hole rush attack

b. Functionality
Certificate distribution is a requirement of the DITD model. DITD distributes keying material in the form of self-certificates. Local certificate exchanges are made between one-hop neighbours, which create direct trust relations; these direct trust relations are chained together to share certificates across multi-hop channels. The DITD model assumes the existence of a weighted conduct value at each node, which gives the initial direct trust relations meaning. If this information is not available, the direct trust relationships need to be established over a location-limited channel, such as infrared, to ensure security; proximity-based solutions of this kind are used in [Capkun et al, 2006] [Scannell et al, 2009]. DITD's simulation model assumes the availability of conduct information. Certificates are observed in the trace table as they are successfully transmitted to their destinations.
[Fig. 21 plot: PDR (%) against number of adversary nodes (0 to 10) for AODV at 0.1 m/s and 5 m/s and DITD at 0.1 m/s]

A second design requirement is that DITD must minimise the network overhead. The DITD model distributes certificates in separate unicast certificate control packets, which are triggered by the routing control packets. Compared to AODV, DITD has approximately 38% more control packets in highly mobile, high speed networks. The routing control packet size is increased by 12 bytes to include trust information, and the certificate control packets are 508 bytes in size. These packets result in a severe control packet overhead, whose effect on performance is reduced by the independence of the two packet types, concurrent processing and back-track verification. Despite the significant control packet overhead, DITD reduces the packet delivery ratio by only 0-10% compared to AODV. This is notable when compared to a conventional certificate distribution method, which increases the routing control packets by 450 bytes and results in over 50% reduction in packet delivery ratio. The performance of DITD improves in more stable networks with a higher pause time. Simulations show that as the speed of the nodes increases, network performance decreases, as a result of the rapidly changing topology and increased link breakages. Simulations also show that mobility aids certificate distribution; however, DITD is not reliant on mobility and still operates successfully in low speed and stationary networks. This allows DITD to meet the requirement of providing secure communication from the start of the network lifetime. The solutions in [Capkun et al, 2006] [Tanabe & Aida, 2007] depend on mobility to establish trust and expect an initial delay before trust is established.
DITD provides secure communication in a reactive manner without a significant time delay, and it is not limited by mobility, as it shows high throughput for low speed and stationary network environments. DITD is required to be robust in spite of changing topologies. The simulations presented above were performed under varied pause times and speeds, which allowed the performance of DITD to be investigated under varying topologies. The results show that DITD is robust in the presence of changing mobility, which inherently brings frequent routing failures; as mentioned above, DITD reduces throughput by only 0-10% across the topologies tested.

Fig. 22. Packet Delivery Ratio for fast moving network under black hole rush attack [plot: PDR (%) against number of adversary nodes (0 to 10) for AODV and DITD at 20 m/s]

It was observed that the DITD model has an approximate 0.7 second end-to-end delay (0.4 seconds greater than AODV) for high speed, highly mobile networks. This indicates that DITD is not feasible for audio applications in highly mobile network environments. DITD's average end-to-end delay is reduced to 0.35 seconds (0.2 seconds more than AODV) in a more stable network environment, which is within acceptable limits for audio applications. The last functional requirement was the inclusion of a trust evaluation scheme. The trust evaluation scheme allows the most trusted route to be selected and malicious nodes to be excluded from route participation. The success of the scheme is demonstrated by its prevention of black hole attacks. Simulations show that a black hole attack by 10 adversary nodes causes a 35-40% reduction in packet delivery for the AODV routing protocol. DITD avoids black hole and rushing attacks by excluding malicious nodes.
In low speed networks DITD achieves a 90-95% throughput rate in the presence of 10 adversary nodes.

5. Contribution and future work

5.1 Summary of contribution
Mobile ad hoc networks allow for a new set of applications that benefit from the dynamic, autonomous and spontaneous mobile nature inherent to these networks. However, the very qualities that make these networks so attractive also present designers with new security challenges. The focus of this work is trust establishment in mobile ad hoc networks. The work contributes to the body of knowledge in the following ways:
• Background knowledge on mobile ad hoc networks is presented, and their application in the military and commercial arenas is investigated. A review of security attacks is presented, including black hole attacks, wormhole attacks, eavesdropping attacks, byzantine attacks, resource consumption attacks and routing table poisoning. The author identifies that mobile ad hoc networks are most vulnerable to network layer attacks, and focus is placed on trust establishment on the network layer.
• A comprehensive survey of the existing key management solutions for mobile ad hoc networks. The solutions are intended for different types of ad hoc network, which makes their comparison difficult. The solutions investigated are:
    • Off-line Trusted Third Party Models
    • Partially Distributed Certificate Authority
    • Fully Distributed Certificate Authority
    • Cluster based Model
    • Proximity-based Identification
    • Self Issued Certificate Chaining
  The functionality and characteristics of each approach are discussed. The self-issued certificate model is identified as requiring the lowest level of pre-configuration and off-line trusted third party (TTP) involvement.
• A secure ad hoc routing survey. This work is vital to understanding trust establishment on the network layer.
  The following solutions are presented:
    • SEAD: Secure Efficient Ad hoc Distance vector routing protocol
    • Ariadne: a secure on-demand routing protocol for ad hoc networks
    • ARAN: Authenticated Routing for Ad hoc Networks
    • SAODV: Secure Ad hoc On-demand Distance Vector routing
    • SLSP: Secure Link State routing Protocol
    • ODSBR: On-Demand Secure Byzantine Resilient routing protocol
    • CONFIDANT: a reputation based solution
  A comparative summary focuses on the security analysis and operational requirements of each solution. Ariadne, ARAN, SAODV, OSRP and CONFIDANT are designed for on-demand ad hoc routing. All the protocols investigated, except CONFIDANT, assume pre-existing key relationships or the presence of a key management system to perform key distribution and maintenance. CONFIDANT avoids key management by establishing trust based solely on conduct. This part of the dissertation identifies an open research field in key management on the routing layer of mobile ad hoc networks.
• A novel security solution for mobile ad hoc networks. The solution is called Direct Indirect Trust Distribution (DITD) and is designed for an on-demand, fully distributed, self-organised mobile ad hoc network. The scheme provides key distribution in the form of separate unicast certificate exchanges. The certificate exchange packets are independent of the routing control packets, allowing route establishment to operate concurrently with, but independently of, trust establishment. A trust evaluation scheme is proposed that allows conduct-based trust to influence the selection of routes and to implicitly exclude malicious attacking nodes, so that keying information is distributed in a more secure manner.
• A comprehensive simulation study comparing the performance of DITD and AODV, the protocol on which DITD is based. Simulation results show that under changing topologies DITD provides successful certificate distribution and trust evaluation with a throughput reduction of only 0-10%. Simulations show that DITD does not rely on mobility to distribute certificates and still performs in low speed networks. A black hole and rushing attack adversary model is designed on the link layer, and simulations show that DITD successfully excludes malicious nodes from participating in route and trust establishment. The simulation results and the discussion show that the proposed model can be implemented with low complexity and provides key distribution and security evaluation with trivial effects on network performance.

5.2 Future work
Future development of the DITD protocol will aim to further minimise the performance overhead, including the implementation of a load balancing agent to complement and optimise the efficiency of DITD's key management. The proposed model is not a standalone security solution; future work includes integrating the DITD scheme with a secure ad hoc routing protocol to realise a complete security system. The key management tasks are key distribution, key generation, key maintenance and key revocation [Menezes et al, 1996b]. The DITD model addresses key distribution, assuming that keys are generated by the participating nodes. Generating a secure certificate binding between a node and its public key is difficult without the presence of a trusted third party.